[pkg-gnupg-maint] Upgrading sid to 2.2.42?

Andreas Metzler ametzler at bebt.de
Sat Feb 10 12:03:31 GMT 2024


On 2024-02-06 Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Sat 2024-02-03 09:06:44 +0100, Andreas Metzler wrote:

> > any thoughts on an upgrade to 2.2.42? It seems to be straightforward in
> > my local test.

> Thanks for looking into this!

> I think it's probably a good idea to consider that upload, not least
> because it'd be good to prepare for 2.2.43, but i'm also a bit wary
> about what advertisements are placed in the default new OpenPGP key
> generation.

> For example, we're already seeing unreadable mail in Thunderbird because
> it imports OpenPGP certificates that were generated by GnuPG advertising
> support for features that the version of RNP shipped in Thunderbird
> couldn't decrypt:
[...]
> It looks to me like a545e14e8a74453a3110e32533af8858f88492be at least
> adds such an advertisement on new key generation.  However, I haven't
> tested what the default key generation process produces, or whether any
> new feature advertisements are added during, say, re-signing.

> If the default new key generation doesn't have the additional
> advertisements, it seems reasonable to just go ahead with an upload to
> unstable.  if the default new key generation adds advertisements that
> are likely to cause unreadable messages to be delivered to Thunderbird,
> maybe we can adjust with a patch?

Hello,

I just did a quick check with 2.2.42 --generate-key and --quick-generate-key.
Afaict from gnupg's view AEAD is not set for the new key:
gpg> showpref
[ultimate] (1). testit42
     Cipher: AES256, AES192, AES, 3DES
     AEAD:
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

For comparison with 2.4.4 I get:
[ultimate] (1). testit at gpg2.4.4
     Cipher: AES256, AES192, AES, 3DES
     AEAD: OCB
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, AEAD, Keyserver no-modify

(It is possible to disable "AEAD: OCB" with "setpref AES256 AES192 AES
SHA512 SHA384 SHA256 SHA224 ZLIB BZIP2 ZIP", I have not found a way in
2.2.42 to enable it if it is missing.)

I am able to:
* import key and secret key into rnp 0.17.0-3
* encrypt a file for this public key in rnp and decrypt it again in both
  rnp and gpg 2.2.40
* encrypt a file for this public key in gpg 2.2.40 and decrypt it again
  in both rnp and gpg 2.2.40.

Any idea for further tests?

TIA, cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
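
A check for the comparison made in this message, added here as an example and not part of the original post or of GnuPG: it parses `showpref` listings in the layout quoted above and reports whether a user ID advertises AEAD, through the preference list, the Features flag, or both. The function names are hypothetical, and the sample input is the two listings from the message.

```python
import re

# Sample input: the two `showpref` listings quoted in the message above.
SHOWPREF_2_2_42 = """\
[ultimate] (1). testit42
     Cipher: AES256, AES192, AES, 3DES
     AEAD:
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
"""
SHOWPREF_2_4_4 = """\
[ultimate] (1). testit at gpg2.4.4
     Cipher: AES256, AES192, AES, 3DES
     AEAD: OCB
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, AEAD, Keyserver no-modify
"""

UID_LINE = re.compile(r"^\[[^\]]*\]\s+\(\d+\)[.*]?\s+(?P<uid>.+)$")
PREF_LINE = re.compile(r"^\s+(?P<name>[A-Za-z]+):\s*(?P<values>.*)$")

def parse_showpref(text):
    """Map each user ID in `showpref` output to its {field: [values]} table."""
    keys, current = {}, None
    for line in text.splitlines():
        uid, pref = UID_LINE.match(line), PREF_LINE.match(line)
        if uid:
            current = keys.setdefault(uid.group("uid").strip(), {})
        elif pref and current is not None:
            values = pref.group("values").split(",")
            current[pref.group("name")] = [v.strip() for v in values if v.strip()]
    return keys

def aead_signals(prefs):
    """List the ways one preference table advertises AEAD (empty list: none)."""
    signals = []
    if prefs.get("AEAD"):  # non-empty "AEAD:" line, e.g. OCB
        signals.append("AEAD preference list: " + ", ".join(prefs["AEAD"]))
    if "AEAD" in prefs.get("Features", []):  # flag on the "Features:" line
        signals.append("Features flag: AEAD")
    return signals

def check(text):
    return {uid: aead_signals(prefs) for uid, prefs in parse_showpref(text).items()}

if __name__ == "__main__":
    for sample in (SHOWPREF_2_2_42, SHOWPREF_2_4_4):
        print(check(sample))
```

The two signals are reported separately so that a key carrying only one of them is still flagged.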
